Switching

Expand all | Collapse all

any equivalent to secure-access-port in ELS ?

  • 1.  any equivalent to secure-access-port in ELS ?

    Posted 05-09-2021 17:35
    I came across the following:
    set ethernet-switching-options secure-access-port interface ge-0/0/0.0 allowed-mac 00:23:23:aa:bb:01

    Any equivalent to this in ELS ?

    thanks !!


  • 2.  RE: any equivalent to secure-access-port in ELS ?

    Posted 05-10-2021 01:03
    https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/topic-map/understanding_and_using_persistent_mac_learning.html
    this is what you are looking for.


  • 3.  RE: any equivalent to secure-access-port in ELS ?

    Posted 05-11-2021 12:17
    thanks a lot !!

    But I think there is some difference between them.
    set ethernet-switching-options secure-access-port interface ge-0/0/0.0 allowed-mac 00:23:23:aa:bb:01
    This only allows the specified MAC.

    but persistent learning just sticks the first learnt MAC to the port. not customized specified.

    Right now, if I want to achieve the first one, I use the firewall filter
    set interfaces xe-0/0/4 unit 0 family ethernet-switching filter input allowMAC
    set firewall family ethernet-switching filter allowMAC term 1 from source-mac-address aa:bb:cc:00:a0:00/48
    set firewall family ethernet-switching filter allowMAC term 1 then accept
    set firewall family ethernet-switching filter allowMAC term 2 then discard
    ​

    I am wondering any simple approach like the above in ELS.